Workplace: White City, London - Hybrid
10 Month Fixed-Term Contract
Cyber Resilience Manager
We’re looking for a Cyber Resilience Manager to lead on establishing and embedding ITV’s Resiliency Framework and Technical Recovery Policy.
This is a strategic role responsible for embedding, governing and continuously improving ITV’s resilience capability across the organisation. You will translate business resiliency risk into clear technical requirements, directing and supporting Technology Architects and Technology teams on the necessary implementations to meet company recovery objectives.
You will be accountable for Resilience governance, ensuring Minimum Viable Company (MVC) and Critical Services remain compliant, owning the Resilience Risk Register, and acting as Deputy to the Head of Security Risk during a crisis.
This role line manages a Resilience Analyst and plays a key part in shaping ITV’s operational resilience posture.
Responsibilities:
1. Policy Ownership & Enforcement: Own and enforce the Technical Recovery Policy, auditing compliance and ensuring all Critical Service Owners (Technical and Business) understand and meet their obligations.
2. Resilience Oversight & Backlog Ownership: Act as Product Owner for Resilience within the Technology backlog, defining Non-Functional Requirements (NFRs) for new initiatives and working with teams to ensure that requirements are met.
3. Risk Management: Own the resilience risk management process for unmet requirements, quantifying, documenting and presenting risks to relevant forums to support informed decision-making and planning.
4. Business-to-Technical Translation: Translate MVC Analysis (business needs) into formal Statements of Requirements for IT teams, including defining RTO/RPO targets and associated recovery expectations.
5. Vendor Assurance: Conduct assurance reviews of critical Suppliers and SaaS providers (e.g. AWS, Okta) to ensure designs align with ITV’s targets for resilience and recovery.
6. Continual Improvement: Lead post-incident analysis for major outages (Security or Operational), ensuring not only technical fixes are implemented but also that processes and recovery plans are updated to prevent recurrence.
7. Leadership & Governance: Act as Deputy to the Head of Security Risk during crisis situations, supporting senior stakeholders and ensuring resilience governance remains robust and effective.
Skills you’ll need (minimum criteria)
8. 5+ years’ experience in Cyber Security, Business Continuity, IT Disaster Recovery Management or Operational Resilience, with significant, demonstrable experience embedding resilience governance frameworks.
9. Proven experience establishing, governing and improving resilience or recovery capabilities across complex technology environments.
10. Strong technical fluency, with the confidence to discuss concepts such as immutable backups, failover latency and cloud zones with Architects and senior technical stakeholders (without necessarily being a hands-on engineer).
11. Strong, practical experience identifying, quantifying, documenting and managing risk (e.g. RAID logs, Risk Registers) and presenting risks at governance forums.
12. Proven ability to influence and support senior stakeholders (e.g. Service and Product Owners) to help them understand, plan and prioritise resilience roadmaps to address risk.
Other things we’re looking for (key criteria)
13. Recognised certifications in Business Continuity or Cyber Risk Management (e.g. CISSP, MBCI, CRISC).
14. Knowledge of ISO 22301, NIST or the Operational Resilience regulatory landscape.
15. Experience within high-availability environments such as Broadcast, Telco or Financial Trading sectors.
16. Strong collaboration and stakeholder engagement skills, working across both tech and business teams.
17. Good organisation and project management skills.